Automobiles today are monitored and controlled by many Electronic Control Units (ECUs) that communicate with each other over an in-vehicle communication system. Before the most widely used automotive bus standard, Controller Area Network (CAN), emerged, wiring between ECUs was point-to-point, which resulted in complex and expensive wiring configurations. CAN, a broadcast network connecting multiple ECUs, vastly reduced wiring complexity and provides real-time, high-speed communication between ECUs.
However, the CAN standard lacks provisions for authentication and confidentiality, which allows any ECU connected to a CAN bus to transmit any properly formed CAN message. As a result, a compromised ECU can transmit spoofed and malicious messages on the CAN bus. Moreover, due to the broadcast nature of the CAN bus, a single compromised ECU can simultaneously affect multiple ECUs in the CAN network.
Various schemes have been proposed to introduce cryptographic elements within the CAN message to provide CAN message authentication. One scheme adds a cryptographic Message Authentication Code (MAC) within a CAN message at the Application layer (layer 7) to allow each ECU to authenticate that CAN message. This approach, however, introduces significant communication overhead onto the CAN bus because it reduces the amount of ECU data that each CAN message can transmit. Another variant replaces an error-detecting code in a CAN message, e.g., a cyclic redundancy code (CRC), with a cryptographic Message Authentication Code, e.g., a cryptographic CRC, at the link layer (layer 2) in hardware. While this variant does not introduce significant communication overhead, it requires each CAN controller within the respective ECUs to be modified, because cryptographic CRCs are not implemented in the CAN standard and standard CAN controllers therefore lack the functionality to process them.
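The application-layer MAC scheme described above can be sketched as follows; this is an added example, not code from the original text. It assumes HMAC-SHA-256 truncated to 4 bytes, a key shared by sender and receiver, and a message counter tracked on both ends; these parameters and all function names are illustrative, and only the 8-byte classical CAN data field is fixed by the standard.

```python
import hashlib
import hmac
import struct

CAN_MAX_DATA = 8  # classical CAN data field: at most 8 bytes per frame
MAC_LEN = 4       # assumption: truncated MAC length, not a value from the text


def _tag(key, can_id, counter, data):
    # Bind the tag to the arbitration ID and to a counter both ECUs track,
    # so a recorded frame fails verification once the counter has advanced.
    msg = struct.pack(">IQ", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


def build_payload(key, can_id, counter, data):
    """Return data || truncated MAC, fitted into one CAN data field."""
    room = CAN_MAX_DATA - MAC_LEN
    if len(data) > room:
        raise ValueError(f"only {room} data bytes fit beside a {MAC_LEN}-byte MAC")
    return data + _tag(key, can_id, counter, data)


def verify_payload(key, can_id, counter, payload):
    """Return the ECU data if the MAC verifies, otherwise None."""
    if not MAC_LEN <= len(payload) <= CAN_MAX_DATA:
        return None
    data, tag = payload[:-MAC_LEN], payload[-MAC_LEN:]
    if hmac.compare_digest(tag, _tag(key, can_id, counter, data)):
        return data
    return None


def overhead_fraction():
    """Share of the data field consumed by the MAC."""
    return MAC_LEN / CAN_MAX_DATA


if __name__ == "__main__":
    key = bytes(range(16))             # constructed sample key
    other_key = b"\xff" * 16           # constructed key of an ECU outside the group
    frame = build_payload(key, 0x123, 1, b"\x01\x02\x03\x04")
    print("payload:", frame.hex(), "overhead:", overhead_fraction())
    print("genuine:", verify_payload(key, 0x123, 1, frame))
    print("replayed at counter 2:", verify_payload(key, 0x123, 2, frame))
    forged = build_payload(other_key, 0x123, 1, b"\x01\x02\x03\x04")
    print("forged without key:", verify_payload(key, 0x123, 1, forged))
```

With these assumed parameters, half of every frame's data field carries the MAC, which is the communication overhead the paragraph refers to.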